function phorum_htmlpurifier_show_form() { if (phorum_htmlpurifier_config_file_exists()) { phorum_htmlpurifier_show_config_info(); return; } global $PHORUM; $config = phorum_htmlpurifier_get_config(); $frm = new PhorumInputForm("", "post", "Save"); $frm->hidden("module", "modsettings"); $frm->hidden("mod", "htmlpurifier"); // this is the directory name that the Settings file lives in if (!empty($error)) { echo "{$error}<br />"; } $frm->addbreak("Edit settings for the HTML Purifier module"); $frm->addMessage('<p>The box below sets <code>$PHORUM[\'mod_htmlpurifier\'][\'wysiwyg\']</code>. When checked, contents sent for edit are now purified and the informative message is disabled. If your WYSIWYG editor is disabled for admin edits, you can safely keep this unchecked.</p>'); $frm->addRow('Use WYSIWYG?', $frm->checkbox('wysiwyg', '1', '', $PHORUM['mod_htmlpurifier']['wysiwyg'])); $frm->addMessage('<p>The box below sets <code>$PHORUM[\'mod_htmlpurifier\'][\'suppress_message\']</code>, which removes the big how-to use HTML Purifier message.</p>'); $frm->addRow('Suppress information?', $frm->checkbox('suppress_message', '1', '', $PHORUM['mod_htmlpurifier']['suppress_message'])); $frm->addMessage('<p>Click on directive links to read what each option does (links do not open in new windows).</p> <p>For more flexibility (for instance, you want to edit the full range of configuration directives), you can create a <tt>config.php</tt> file in your <tt>mods/htmlpurifier/</tt> directory. Doing so will, however, make the web configuration interface unavailable.</p>'); require_once 'HTMLPurifier/Printer/ConfigForm.php'; $htmlpurifier_form = new HTMLPurifier_Printer_ConfigForm('config', 'http://htmlpurifier.org/live/configdoc/plain.html#%s'); $htmlpurifier_form->setTextareaDimensions(23, 7); // widen a little, since we have space $frm->addMessage($htmlpurifier_form->render($config, $PHORUM['mod_htmlpurifier']['directives'], false)); $frm->addMessage("<strong>Warning: Changing HTML Purifier's configuration will invalidate\r\n the cache. Expect to see a flurry of database activity after you change\r\n any of these settings.</strong>"); $frm->addrow('Reset to defaults:', $frm->checkbox("reset", "1", "", false)); // hack to include extra styling echo '<style type="text/css">' . $htmlpurifier_form->getCSS() . ' .hp-config {margin-left:auto;margin-right:auto;} </style>'; $js = $htmlpurifier_form->getJavaScript(); echo '<script type="text/javascript">' . "<!--\n{$js}\n//-->" . '</script>'; $frm->show(); }
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <title>HTML Purifier Config Form Smoketest</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <link rel="stylesheet" href="../library/HTMLPurifier/Printer/ConfigForm.css" type="text/css" /> <script defer="defer" type="text/javascript" src="../library/HTMLPurifier/Printer/ConfigForm.js"></script> </head> <body> <h1>HTML Purifier Config Form Smoketest</h1> <p>This file outputs the configuration form for every single type of directive possible.</p> <form id="htmlpurifier-config" name="htmlpurifier-config" method="get" action="" style="float:right;"> <?php $schema_builder = new HTMLPurifier_ConfigSchema_Builder_ConfigSchema(); $schema = $schema_builder->build($interchange); $config = HTMLPurifier_Config::loadArrayFromForm($_GET, 'config', true, true, $schema); $printer = new HTMLPurifier_Printer_ConfigForm('config', '?doc#%s'); echo $printer->render(array(HTMLPurifier_Config::createDefault(), $config)); ?> </form> <pre> <?php echo htmlspecialchars(var_export($config->getAll(), true)); ?> </pre> </body> </html> <?php // vim: et sw=4 sts=4
<head> <title>HTML Purifier Config Form Smoketest</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <link rel="stylesheet" href="../library/HTMLPurifier/Printer/ConfigForm.css" type="text/css" /> <script defer="defer" type="text/javascript" src="../library/HTMLPurifier/Printer/ConfigForm.js"></script> </head> <body> <h1>HTML Purifier Config Form Smoketest</h1> <p>This file outputs the configuration form for every single type of directive possible.</p> <form id="htmlpurifier-config" name="htmlpurifier-config" method="get" action="" style="float:right;"> <?php require_once 'HTMLPurifier/Printer/ConfigForm.php'; // fictional set, attempts to cover every possible data-type // see source at ConfigTest.php require_once 'testSchema.php'; // cleanup ( this should be rolled into Config ) $config = HTMLPurifier_Config::loadArrayFromForm($_GET, 'config'); $printer = new HTMLPurifier_Printer_ConfigForm('config', '?doc#%s'); echo $printer->render($config); ?> </form> <pre> <?php echo htmlspecialchars(print_r($config->getAll(), true)); ?> </pre> </body> </html>
<p>HTML Purifier claims to have a robust yet permissive whitelist: this page will allow you to see precisely what HTML Purifier's internal whitelist is. You can also twiddle with the configuration settings to see how a directive influences the internal workings of the definition objects.</p> <h2>Modify configuration</h2> <p>You can specify an array by typing in a comma-separated list of items, HTML Purifier will take care of the rest (including transformation into a real array list or a lookup table).</p> <form method="get" action="" name="hp-configform"> <?php echo $printer_config_form->render($config, 'HTML'); ?> <p>* Some configuration directives make a distinction between an empty variable and a null variable. A whitelist, for example, will take an empty array as meaning <em>no</em> allowed elements, while checking Null/Disabled will mean that user whitelisting functionality is disabled.</p> </form> <h2>Definitions</h2> <dl> <dt>Parent of Fragment</dt> <dd>HTML that HTML Purifier does not live in a void: when it's output, it has to be placed in another element by means of something like <code><element> <?php echo $html ?> </element></code>. The parent in this example